Presented at its Privacy. Security. Risk. conference in Austin, Texas, the IAPP has named GoDaddy as the winner of this year's HPE-IAPP Innovation Award. GoDaddy is being recognized for its privacy program's vision and mission, integrating the need to process personal data to provision products and support growth while bolstering the security of that information.
The HPE-IAPP Privacy Innovation Awards recognize unique programs and services in global privacy and data protection in the private and public sectors and serve to recognize organizations that integrate privacy in such a way that elevates its value as both a competitive differentiator and a centerpiece of customer and citizen trust.
While the EU General Data Protection Regulation’s implementation sent privacy programs everywhere into overdrive, GoDaddy’s chief privacy and risk officer, Todd Redfoot, said that at GoDaddy, that GDPR presented an opportunity to bolster an existing focus.
“GoDaddy has been around for more than 20 years, and throughout that, security has always been top-of-mind from a company perspective. While the nomenclature may have shifted from ‘data protection’ to ‘privacy,’ the focus remained in place,” said Redfoot.
He added, “Privacy is really just part of security and vice versa. We’ve been doing a lot of the work of data protection and encryption previously, so there was a natural migration from securing data to securing the privacy of that data. The way we treat it as a whole at GoDaddy is that one of our key strategies is privacy and security of our customer data.”
As the world’s largest cloud platform dedicated to small, independent ventures, GoDaddy operates throughout multiple continents, works with 18 million customers, has approximately 8,000 employees and oversees more than 76 million web domains.
Part of what makes GoDaddy’s privacy program so effective is its breadth. Deciding to take a broad, customer-based approach helped the company focus on ways to embed security into its DNA in a way that made it easy to protect personal information. In addition to internal privacy practices, the privacy initiative spans across cloud environments and incorporates technologies to centralize and automate privacy compliance.
Leticia Webb, director of technology risk management, said GoDaddy’s incorporation of automation has not only helped customers exercise their rights, but it has helped employees better understand data protection requirements.
“We’re really focused on making sure that we are actually helping our customers, we have a vested interest in making sure things are easy and seamless for them," said Webb. "Internally we focus on making sure that things are easy to understand."
While it certainly was not the impetus for GoDaddy's privacy initiative, the GDPR allowed the company to create a more refined focus on privacy.
Vice President of Legal Affairs Kevin Kreuser, CIPP/E, CIPP/US, said, "Headline news has shown people the consequences of not having a good privacy program, and the GDPR afforded us the buy-in necessary to provide the support, resources and structure necessary for a robust program."
As the May 25 compliance deadline for the GDPR passed, many have wondered whether companies would maintain their privacy bravado, but the team at GoDaddy is not concerned. They have seen their due diligence and commitment to ensuring communication among departments pay off.
"We were a little worried that come May 25, efforts would fade into the background. Fortunately, there is a push to evolve as we move forward, especially in terms of how we can improve the program from a systems standpoint, a policies standpoint and from a personnel standpoint. We’ve taken GDPR as an opportunity to take a look at everything and put together a comprehensive and ever-evolving privacy program,” said Kreuser.
If you want to comment on this post, you need to login.